[−][src]Module pachyderm::auth
Modules
| api_client | Generated client implementations. |
| auth_config | |
| id_provider | |
| token_info |
Structs
| Acl | |
| AclEntry | |
| ActivateRequest | ActivateRequest mirrors AuthenticateRequest. The caller is authenticated via GitHub OAuth, and then promoted to the cluster's first Admin. Afterwards, the caller can promote other users to Admin and remove themselves |
| ActivateResponse | |
| AuthConfig | Configure Pachyderm's auth system (particularly authentication backends |
| AuthenticateRequest | Exactly one of 'github_token', 'oidc_state', or 'one_time_password' must be set: |
| AuthenticateResponse | |
| AuthorizeRequest | |
| AuthorizeResponse | |
| ClusterRoles | ClusterRoles reflects any cluster-wide permissions a principal has. A principal can have multiple cluster roles. |
| DeactivateRequest | |
| DeactivateResponse | |
| ExtendAuthTokenRequest | |
| ExtendAuthTokenResponse | |
| GetAclRequest | |
| GetAclResponse | GetACLReponse contains the list of entries on a Pachyderm ACL. |
| GetAdminsRequest | Deprecated. Get the list of cluster super admins. |
| GetAdminsResponse | |
| GetAuthTokenRequest | |
| GetAuthTokenResponse | |
| GetClusterRoleBindingsRequest | Get the current set of principals and roles for the cluster |
| GetClusterRoleBindingsResponse | |
| GetConfigurationRequest | |
| GetConfigurationResponse | |
| GetGroupsRequest | |
| GetGroupsResponse | |
| GetOidcLoginRequest | |
| GetOidcLoginResponse | |
| GetOneTimePasswordRequest | GetOneTimePassword allows users to generate short-lived (~30s) tokens that can be passed to Authenticate() (via AuthenticateRequest.one_time_password) and exchanged for a longer-lived pachyderm token. This is more secure than GetAuthToken, which produces long-lived authorization tokens. |
| GetOneTimePasswordResponse | |
| GetScopeRequest | |
| GetScopeResponse | |
| GetUsersRequest | |
| GetUsersResponse | |
| Groups | |
| IdProvider | IDProvider configures a single ID provider that can authenticate Pachyderm users |
| ModifyAdminsRequest | Deprecated. Add and remove users from the set of cluster super admins. |
| ModifyAdminsResponse | |
| ModifyClusterRoleBindingRequest | Set cluster roles for the specified principal. Setting an empty list of roles revokes any roles the principal has. |
| ModifyClusterRoleBindingResponse | |
| ModifyMembersRequest | |
| ModifyMembersResponse | |
| OtpInfo | OTPInfo is the analogue of 'TokenInfo' for Authentication Codes (short-lived, one-time-use codes that are passed to the frontend and then exchanged for longer-lived tokens) |
| RevokeAuthTokenRequest | |
| RevokeAuthTokenResponse | |
| SessionInfo | SessionInfo stores information associated with one OIDC authentication session (i.e. a single instance of a single user logging in). Sessions are short-lived and stored in the 'oidc-authns' collection, keyed by the OIDC 'state' token (30-character CSPRNG-generated string). 'GetOIDCLogin' generates and inserts entries, then /authorization-code/callback retrieves an access token from the ID provider and uses it to retrive the caller's email and store it in 'email', and finally Authorize() returns a Pachyderm token identified with that email address as a subject in Pachyderm. |
| SetAclRequest | |
| SetAclResponse | |
| SetConfigurationRequest | |
| SetConfigurationResponse | |
| SetGroupsForUserRequest | |
| SetGroupsForUserResponse | |
| SetScopeRequest | |
| SetScopeResponse | |
| TokenInfo | TokenInfo is the 'value' of an auth token 'key' in the 'tokens' collection |
| Users | |
| WhoAmIRequest | |
| WhoAmIResponse |
Enums
| ClusterRole | |
| Scope | Scope (actually a "role" in canonical security nomenclature) represents a rough level of access that a principal has to a repo |